Changes between Initial Version and Version 1 of org/meetings/2017Amsterdam/BrowserSecuritySettings

Mar 23, 2017, 1:16:02 PM (2 years ago)

Describe session


  • org/meetings/2017Amsterdam/BrowserSecuritySettings

    v1 v1  
     1'''Let's identify the next steps to make Tor Browser Security Settings more useful *and* more usable'''
     3Tor Browser has Security Settings that allow users to disable some potentially dangerous functionality.
     5I see two major problems with the way this currently works.
     8== 1. UX is poor on higher security levels ==
     10Higher security levels break some websites without telling the user anything about it.
     13As a user
     14When the website I'm visiting is broken
     15I want to be given the means to make a good decision regarding the Security Settings
     18E.g. the way uBlock or NoScript do this i.e.: "I've blocked this as instructed, if it breaks anything you might want to unblock it, let me tell you about the consequences".
     21== 2. Security Settings are global ==
     24Most websites work fine with a medium security level, but some websites require a lower one.
     26But I have to choose the security level that works on *all* the websites I want to visit.
     28So in practice I visit most websites with lower security settings than necessary.
     30It would be great if the security settings could be adjusted to what each website really needs, so that I'm safer most of the time, and take additional risks only when needed.
     32== So… ==
     34What can we do about it?
     36This session won't be about finding the solution or designing UI, it's about:
     38 * Checking if we agree these two things are problems, and how bad they are.
     39 * Checking feasibility: e.g. which ones, among the prefs controlled by the Security Settings, could be made per-tab or per-website without too much effort? Which ones are too deeply tight to Firefox internals, and rewire how it works so much that it can't be per-tab/per-website without putting lots of effort into it?
     40 * Discussing whether this work would be better done by Mozilla, or by Tor, or by both together :)